from the peeling-away-the-layers dept

We learnt about the NSA's XKeyscore program a year ago, and about its incredibly wide reach. But now the German TV stations NDR and WDR claim to have excerpts from its source code. We already knew that the NSA and GCHQ have been targeting Tor and its users, but the latest leak reveals some details about which Tor exit nodes were selected for surveillance -- including at least one in Germany, which is likely to increase public anger there. It also shows that Tor users are explicitly regarded as "extremists" (original in German, pointed out to us by @liese_mueller):

The source code contains both technical instructions and comments from the developers that provide an insight into the mind of the NSA. Thus, all users of such programs are equated with "extremists".

Such is the concern about Tor that even visitors to Tor sites -- whether or not they use the program -- have their details recorded:

not only long-term users of this encryption software become targets for the [US] secret service. Anyone who wants to visit the official Tor Web site simply for information is highlighted.

The source code also gives the lie to the oft-repeated claim that only metadata, not content, is gathered:

With the source code, it can be proven beyond reasonable doubt for the first time that the NSA is reading not only so-called metadata, that is, connection data. If emails are sent using the Tor network, then programming code shows that the contents -- the so-called email-body -- are evaluated and stored.

As well as all this interesting information, what's important here is that it suggests the source of this leak -- presumably Edward Snowden, although the German news report does not name him -- copied not just NSA documents, but source code too. As in the present case, that is likely to provide a level of detail that goes well beyond descriptive texts.

from the bad,-bad-news dept

Three years ago we wrote about how Austrian police had seized computers from someone running a Tor exit node. This kind of thing happens from time to time, but it appears that folks in Austria have taken it up a notch by... effectively now making it illegal to run a Tor exit node. According to the report, which was confirmed by the accused, the court found that running the node violated §12 of the Austrian penal code, which effectively says:

Not only the immediate perpetrator commits a criminal action, but also anyone who appoints someone to carry it out, or anyone who otherwise contributes to the completion of said criminal action.

In other words, it's a form of accomplice liability for criminality. It's pretty standard to name criminal accomplices liable for "aiding and abetting" the activities of others, but it's a massive and incredibly dangerous stretch to argue that merely running a Tor exit node makes you an accomplice that "contributes to the completion" of a crime. Under this sort of thinking, Volkswagen would be liable if someone drove a VW as the getaway car in a bank robbery. It's a very, very broad interpretation of accomplice liability, in a situation where it clearly does not make sense.

Tragically, this comes out the same day that the EFF is promoting why everyone should use Tor. While it accurately notes that no one in the US has been prosecuted for running Tor, it may want to make a note about Austria. Hopefully there is some way to fight back on this ruling and take it to a higher court -- and hopefully whoever reviews it will be better informed about how Tor works and what it means to run an exit node.

from the say-what-now? dept

We've written a bunch about the City of London Police* and their extrajudicial campaign against "piracy" by trying to scare web hosting and domain registrar firms into taking down websites based on nothing more than the City of London Police's say so. However, Adrian Leppard, the guy in charge of the City of London Police's Intellectual Property Crime Unit (funded both by taxpayers and legacy entertainment companies) spoke at an IP Enforcement Summit in London and his comments, relayed by Torrentfreak, should raise questions about whether or not this is the right person to have anything to do with stopping "crime" on the internet:

“Whether it’s Bitnet, The Tor – which is 90% of the Internet – peer-to-peer sharing, or the streaming capability worldwide. At what point does civil society say that as well as the benefits that brings, this enables huge risk and threat to our society that we need to take action against?”

Yeah, try to parse that one. Beyond not being true, it's almost entirely nonsensical. And this guy is ordering websites completely shut down based on nothing more than his say so?

This sounds kind of like the idiotic debates that were had a decade or so ago, when clueless folks from the entertainment industry were first getting online.

"The Internet pushes through every border control legislation we have and it is carrying a huge amount of harm to our society, as well as offering creative opportunity for business. At some point there has to be a debate and a challenge about the harm the Internet brings."

Yeah, that debate happened long ago, and people realized (1) the claims of harm are completely overblown by folks like yourself and (2) the benefits are massive. Debate closed.

But, really, what Leppard is doing is trying to declare war on the internet, because it's upset the business model of a few businesses that are funding this effort (which would suggest a less-than-unbiased view of the issue):

"The new legislation that’s necessary is not just about prosecuting people and protecting people, we’ve got to think about some of the enabling functions that allow this to happen that we just take for granted."

"Enabling functions"? He's talking about regulating the internet to add deeper layers of secondary liability, thereby effectively destroying one of the most important ingredients to the internet's success. All because his friends in the obsolete legacy parts of the entertainment industry haven't figured out how to adapt.

It would appear that the City of London Police are the legacy entertainment industry's dream law enforcement group: completely clueless about technology and innovation, and not all that concerned about basic legal concepts like due process and protections against third party liability. That lets them rampage through the internet like bullies trying to shut down anything their friends in the industry don't like, oblivious to any collateral damage it might cause. That's a very dangerous tool, and it's going to cause serious problems before too long.

* I don't know what it is about the City of London Police that always seems to make people want to clarify stuff in the comments, but just to cut all this off: (1) Yes, I know that the City of London Police covers just "the City of London" which is about a 1-square mile area within London, rather than the wider London police force and (2) I also know that many of the big banks and big London businesses are in City of London, so the City of London Police have some amount of powerful connections with businesses. There is no reason to clarify any of that in the comments. We know already.

from the teaching-tor-and-truecrypt dept

Kevin Poulsen over at Wired has the interesting story of how Ed Snowden both ran a CryptoParty in Hawaii while waiting to hear back from Glenn Greenwald after his first email, and also apparently hosted a Tor node. In October of 2012, we wrote about the CryptoParty movement, launched by digital rights activist Asher Wolf, and apparently Snowden thought it was a good idea as well. The details seem fairly straightforward, though it does suggest (yet again) that he was legitimately interested in protecting the American public, rather than (as some continue to argue) working for some "foreign power." At the CryptoParty, he apparently taught folks how to use TrueCrypt and Tor.

Perhaps more interesting is the news that he ran a Tor exit relay. The story kicks off with Snowden emailing Runa Sandvik, a key Tor developer, asking if she can send him some Tor stickers that he can pass around at work. It's long been noted that Snowden has a Tor sticker (along with an EFF sticker) on the laptop he uses, but now we know where and how he got it. But in that email, he noted that he ran a "major tor exit" relay:

In his e-mail, Snowden wrote that he personally ran one of the “major tor exits”–a 2 gbps server named “TheSignal”–and was trying to persuade some unnamed coworkers at his office to set up additional servers. He didn’t say where he worked. But he wanted to know if Sandvik could send him a stack of official Tor stickers....

“He said he had been talking some of the more technical guys at work into setting up some additional fast servers, and figured some swag might incentivize them to do it sooner rather than later,” Sandvik says. “I later learned that he ran more than one Tor exit relay.”

Of course, some may also point out that one minor weakness in Tor is that malicious exit node operators can do some spying on users -- at least opening up the question of whether or not Snowden was running that exit relay for himself (and being good about it) or running it for the NSA.

Either way, to get the stickers, Snowden gave Sandvik his real name and address, and she mentioned plans to be in Hawaii, leading to the idea of hosting a CryptoParty, which turned into reality:

Sandvik began by giving her usual Tor presentation, then Snowden stood in front of the white board and gave a 30- to 40-minute introduction to TrueCrypt, an open-source full disk encryption tool. He walked through the steps to encrypt a hard drive or a USB stick. “Then we did an impromptu joint presentation on how to set up and run a Tor relay,” Sandvik says. “He was definitely a really, really smart guy. There was nothing about Tor that he didn’t already know.”

“Everything ran very smoothly,” she adds. “There were no questions about how to do things or where to put the chairs. Maybe he’s just really good at organizing events.”

As for the timing, Snowden apparently emailed Greenwald for the first time 11 days before the party, and was still waiting for a reply when the party happened...

from the well,-duh dept

For many, many years now, we've kept hearing law enforcement whine about the "threats" of anonymity and how people would be able to get away with all sorts of criminal activity if they weren't given the ability to track, monitor and tap pretty much every communications technology that has come along. A decade ago the fear was that free and open WiFi was going to be a major boon to criminals who could use it "with no trace." As we pointed out, however, nothing about using an anonymous connection like that means you won't get caught, because criminals have to do a lot of things, many of which will expose them in other ways, without having to tap and track every technological interaction. What's known as good old-fashioned detective work can often track down criminals who used tools to be anonymous -- and for years, we've pointed out many, many, many examples of this.

More recently, law enforcement's concern has been about Tor (which is slightly ironic, given that Tor was created and funded by the US government). The Snowden revelations have shown that, try as they might, the NSA has not had much luck in compromising Tor, and Snowden himself has noted that properly used encryption mostly works.

A recent Wall Street Journal article notes that law enforcement is slowly realizing that perhaps Tor isn't a parade of horribles that must be encumbered with backdoors for wiretapping... after realizing that most criminals more or less reveal themselves by doing something stupid along the way anyway.

But officials are becoming more confident that Tor's shield of anonymity isn't impenetrable.

"There's not a magic way to trace people [through Tor], so we typically capitalize on human error, looking for whatever clues people leave in their wake," said James Kilpatrick, one of the HSI agents who is part of Operation Round Table, a continuing investigation into a Tor-based child-pornography site that has so far resulted in 25 arrests and the identification of more than 250 victims, all children.

This is a good thing. We should want law enforcement to be able to track down criminals -- and it's good to see that they're figuring out ways to do so. But it's important that they should need to do so via basic detective work, rather than by compromising important technology, creating security flaws and opening up all sorts of dangerous unintended consequences.

As with all kinds of new technologies, anonymizing technologies seem to create something of a moral panic among law enforcement types, who then insist those technologies need to be "broken" and backdoored or else criminals could somehow get away with everything. But that's silly. Sooner or later most criminals do other things that reveal who they are, opening them up to investigation and potential indictment, arrest, trial etc.

One hopes that as this realization becomes more widespread, law enforcement and intelligence agencies will finally pull back from constantly trying to expand wiretapping laws that will break important innovations and technologies, but perhaps that's being too optimistic.

from the collect-it-all dept

We've mentioned in the past that, for all the focus on the NSA lately, the FBI may be equally, if not more, worrisome for its willingness to collect tons of data on everyone and use it. Back in August, it became pretty clear that the FBI had compromised the Tor Browser Bundle, and had effectively taken over Freedom Hosting -- a popular hosting provider for dark web Tor sites -- in order to push out malware that identified Tor users. A month later, it was confirmed that it was the FBI behind the effort, which led to the closing of Freedom Hosting.

Now there are new reports, suggesting that along with Freedom Hosting, the FBI was able to get the full database of emails on TorMail, a popular Tor-based email service that used Freedom Hosting and was shut down at the same time Freedom Hosting went down. The reports point to a new lawsuit, in which the FBI was able to get a search warrant to search TorMail using its own copy of the database -- which it clearly had obtained at an earlier date. This basically means that the FBI has a pretty easy time searching all those emails if it needs to:

The tactic suggests the FBI is adapting to the age of big-data with an NSA-style collect-everything approach, gathering information into a virtual lock box, and leaving it there until it can obtain specific authority to tap it later. There’s no indication that the FBI searched the trove for incriminating evidence before getting a warrant. But now that it has a copy of TorMail’s servers, the bureau can execute endless search warrants on a mail service that once boasted of being immune to spying.

This again highlights one of the problems of the "collect it all" approach. Rather than merely targeting a specific individual or group, the FBI now has all of those emails sitting in a database. Even if it's getting a warrant to search, it's now searching its own database, rather than having to go out to get the information from others who might challenge the requests.

from the a-slight-detour dept

So this one is odd. A core Tor developer, Andrea Shepard, recently ordered a computer from Amazon.com to her home in Seattle. Yet, as she tweeted last night, something odd happened on the way to delivering that package to her house:

Also, some more details from PrivacySOS. As you can see, rather than go from the Amazon warehouse in Santa Ana, California up the coast to Seattle, instead the package went across the country to Dulles, Virginia to Alexandria (right outside of DC) and was "delivered" there. Upon seeing this, my initial reaction was that it might not be a big deal. With shipping logistics these days, it's not uncommon to see a sort of hub system, where packages travel across the country from one warehouse to a shipping hub, only to be shipped back across the country for actual delivery.

But that does not appear to be what happened here at all. As Kade from PrivacySOS pointed out, the final Alexandria address is the final delivery location, rather than the sign of something in process. Also, the fact that it bounced around and then went "out for delivery" to that address shows that it wasn't just popping in and out of a hub for delivery to Seattle.

There are some possible other explanations, including just a general screw-up on the part of Amazon. But given the revelations of how the NSA's TAO group does very targeted spying, that often involves getting access to computers being shipped to targets, combined with the fact that the NSA has made it clear that breaking Tor is a priority that has mostly stymied them, this certainly should raise multiple eyebrows.

from the support-is-good dept

Over the last year, the Freedom of the Press Foundation raised nearly half a million dollars to support important threatened journalism efforts. Over the past few months the Foundation has continued to build on its efforts, such as by taking over the SecureDrop project to make it easier for journalism operations to set up a system to get information securely and anonymously from whistleblowers. The Foundation has now kicked off its latest crowdfunding campaign, focused on supporting a series of encryption tools, including Tor, Tails, Open Whisper Systems and the LEAP Encryption Access Project. Oh yeah, and its own continued work on SecureDrop. It's a good cause. While they focus on how these encryption tools are for journalists, that's underplaying things. These are tools for everyone.

from the now-wouldn't-that-be-a-fun-lawsuit dept

With this morning's revelation of how the NSA and GCHQ are trying to attack Tor, some of the presentations being used by the NSA to explain Tor are somewhat interesting or amusing. For example, in one presentation about the program EgotisticalGiraffe (I don't make 'em up, so don't ask), the NSA amusingly feels the need to highlight the fact that "terrorists" use Tor:

from the why-so-afraid-people? dept

Ah, the inevitable misleading bullshit response from James Clapper to today's revelations about the attempts to hack Tor is the usual doubletalk and propaganda we've grown accustomed to from the confessed liar. The short version is that they're just trying to "understand" Tor, because if they don't you'll probably die from terrorists.

The articles accurately point out that the Intelligence Community seeks to understand how these tools work and the kind of information being concealed.

However, the articles fail to make clear that the Intelligence Community’s interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies.

In other words: we decimate your privacy, because we care. Sorry, Clapper, we're just not feeling that caring spirit out here in the public. It sure seems like you're a creepy big brother, using any and all methods to distort this discussion and debate, while seeking to collect any and all information you can get your hands on "just because" it might possibly be useful someday -- and with little to no concern for how that impacts everyone else.